I would like to configure palo Alto to block internet access via opera web browsers, as this browser can bypass my web-filter.
my Palo Alto License is only for Antivirus, Anti-Spyware, and Anti Vulnerability.
Solved! Go to Solution.
Palo Alto web filtering does not rely on any browser configuration. Instead you would need to place the firewall in the final path that the traffic must cross on the way to the internet. If the traffic crosses the firewall then a web filtering policy can be applied to the appropriate rule for the users.
The browser in use is not relevant, the web browsing traffic will be filtered per the configured rule.
There is an app, opera-mini, which will detect the Opera Mini browser. Opera mini operates by using a proxy server over SSL to retrieve all content. Enabling SSL decryption will break the connection so layer 7 inspection of this traffic is not possible. To block access just create a security policy with the opera-mini application and set the action to deny.
This application also covers the desktop Opera browser when used in the offroad mode.
In addition.. food for future thought.
When a web browser connects to any website, it sends what the browser is and version in the HTTP headers. You may be able to create a custom application which matches on that information and blocks it. You would want to test thoroughly but it may be possible.
You could also use the regex in the dlp engine to attempt this.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!